Had to look it up to make sure I'm using English right: digit - The digits of the decimal number system are 0, 1, 2, 3, 4, 5, 6, 7, 8 and 9, and those in the hexadecimal number system are those in the decimal system along with A, B, C, D, E and F. Letters count. Ultimately I'm looking to find the transaction hash that matches the beginning the best.

That was the old method - it was too confusing and still could be manipulated with expensive super computers.

"ec" is just part of the hash. Each payment will have a hash 1-9 and a-f. All mixed up. The draw hash is compared to transaction hashes to find the winner. The hash can not be predicted or controlled since mega millions numbers are added after all the payments are in.

Ah alright, just I misinterpreted "digit" as a traditional 0-9 number, not as a hexadecimal digit. I see you transfer the payment via 1 bitcoin transactions, that's an odd way to do it.

1% is a really small operator's fee, it might be wise to take a bit more to invest in advertising and to put some coins as the jackpot minimum at the start of every round. Both would benefit the players after all.


That's the bitcoin software that does that not me. Since I was paid in 1 BTC amounts when I paid the winner it just moved them. When they spend coins though it will probably be combined now.

I don't think I'd change the 1% fee. I know it's very tiny! I know, I barely afford the hosting for the lottery. BUT, hopefully because it's such a good deal for everyone BitLotto will grow based off of customer satisfaction not by advertising. I hope. I think too, as more people win who announce they won, people will slowly trust me more. As the trust grows, hopefully the jackpot will too. I want people who like to play the lottery to have the best experience possible where they KNOW they got their BTC worth and got exactly what they paid for. I want BitLotto to be the place that people go to play the lottery.


Although you're sourcing that from a wiki dictionary and not a word authority like Merriam-Webster, I agree. Just be aware that your usage of digit in your details page is a bit vague if you don't specify the hexadecimal numbering system.


That's odd, I didn't know you couldn't just transfer whatever balance you had. Well with all the hackings and malware going around if I won I wouldn't publicly announce it. Looks like you're running the most popular lottery, I don't think anyone is even close to $1,200 USD in payouts.


Thanks. Next time I update the site I'll mention that a-f are digits.


That's odd, I didn't know you couldn't just transfer whatever balance you had. Well with all the hackings and malware going around if I won I wouldn't publicly announce it.

I think you misunderstand. The BTC was in the BitLotto wallet. I just send one payment. It did all the moving of coins. It doesn't combine the coins before moving to the next person. It happens all the time when sending BTC. I say to it send 100 it then sends 100 but looking in blockexplorer it sent 1 but 100 times. It's ok, doesn't really change anything.


Announce what?

Yeah, I meant I was just noting that I didn't know you couldn't just transfer in one transaction.

Don't worry: I can't. I don't know who plays or who wins. Only if the person announces they won do I know. So far one person has remained anonymous while the other created a new account to announce their win so I don't really know who they are either. If you win it's up to you.


I was wrong, but it only strengthens my case. The correct statement is: The customers don't lose, and the operator doesn't gain.

Consider two scenarios:

Scenario A: A million customers each buy a single ticket. The operator collects a 10K BTC fee. Each customer paid 1 BTC and has 1/1M chance to win 0.99M, so his expected gain from the bet is -0.01 BTC.

Scenario B: A million customers each buy a single ticket, and the operator buys 1M tickets for himself. The operator paid 1M. He has 50% chance of winning the entire 2M, and a 50% chance of getting only a 20K fee. Expected gain is 10K BTC, same as before. Each customer paid 1 BTC and has 1/2M chance to win 1.98M, so his expected gain from the bet is -0.01 BTC.

Because as jerfelix pointed out this lottery is not progressive, there is never an expected gain out of it. Customers pay in expectation to get the rush of high variance. So all the operator can do is get this high variance without paying for it, he cannot gain in expectation.

Meni Rosenfeld is correct. No matter how many tickets the operator buys, the customers don't lose, and the operator doesn't gain.

The scenarios Meni has written are sufficient to show that the operator doesn't gain. However, to flog this dead horse, here's another pair of scenarios:

Regardless of how many lotto tickets the operator buys, his gain is the same, 1% of the customer's bet. Regardless of how many lotto tickets a customer buys, his loss ratio is the same, the 1% fee which goes to the operator.

- All payments go to the same address: eg. http://blockexplorer.com/address/1D9c6qLKRjxh7xbyv6MBUcBFJHDFeDQpsg
- all .25 payments can be verified (some bought for 1 btc before big BTC price changes - tickets still valid and .75 returned - check their addresses and you can see .75 payment from me)
- each transaction has a unique hash - can't change it as it's part of Bitcoin blockchain
- total jackpot size can be verified by adding .25 tickets or looking at received BTC in blockexplorer (accounting for a few who over paid)
- draw then ends - tickets are all set in stone in the block chain each with a unique hash
- winner is determined by a hash of block hash + mega millions numbers to prevent a miner trying to increase odds by not submitting a block if it doesn't work for them
- the hash is totally unpredictable and impossible to manipulate unless you can manipulate the USA mega millions lottery (impossible)
- using a set algorithm the winner is determined based on their payment hash (method is set and can't change)
- payment can only go to the person who sent the ticket
- look at blockexplorer and payment can only go to that address
- that's why using Bitcoin on their own computer is so important. I can not send to any other address!!
- there is no way I can cheat!!!

It's cheat proof. If you can think of a way I can pay myself without everyone noticing I'll give you all the BTC I own!!
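The draw described in the post above, as an added example that is not BitLotto's code or part of the original thread: any player can recompute the draw hash from public data and check which ticket transaction shares the longest leading run of hexadecimal digits with it. SHA-256, the comma-joined encoding, the sample data and the handling of ties are assumptions; the thread does not specify them.

```python
import hashlib


def draw_hash(block_hash_hex, lottery_numbers):
    """Hash of block hash + lottery numbers, computed after ticket sales close.

    SHA-256 and the comma-joined ASCII encoding are assumptions made for
    this example; the thread only says the two values are hashed together.
    """
    material = block_hash_hex.lower() + "," + ",".join(str(n) for n in lottery_numbers)
    return hashlib.sha256(material.encode("ascii")).hexdigest()


def shared_prefix_len(a, b):
    """Number of leading hexadecimal digits (0-9 and a-f) two hashes share."""
    count = 0
    for x, y in zip(a.lower(), b.lower()):
        if x != y:
            break
        count += 1
    return count


def best_matches(draw, tx_hashes):
    """Return (prefix_length, sorted ticket hashes that reach that length).

    More than one ticket can tie; the tie-break rule is not stated in the
    thread, so all tied tickets are returned instead of guessing one.
    """
    unique = sorted({tx.lower() for tx in tx_hashes})
    if not unique:
        raise ValueError("no tickets in this draw")
    best = max(shared_prefix_len(draw, tx) for tx in unique)
    return best, [tx for tx in unique if shared_prefix_len(draw, tx) == best]


def verify_winner(claimed_tx, block_hash_hex, lottery_numbers, tx_hashes):
    """Re-run the draw from public data; True only if the claimed ticket
    is one of the payments to the lottery address and is a best match."""
    draw = draw_hash(block_hash_hex, lottery_numbers)
    _, winners = best_matches(draw, tx_hashes)
    return claimed_tx.lower() in winners


def _constructed_hash(label):
    # Stand-in for real block/transaction hashes so the example runs offline.
    return hashlib.sha256(label.encode("ascii")).hexdigest()


# Constructed sample data, not taken from the block chain or any real draw.
SAMPLE_BLOCK_HASH = _constructed_hash("constructed-block")
SAMPLE_NUMBERS = [4, 8, 15, 16, 23, 42]
SAMPLE_TICKETS = [_constructed_hash(f"constructed-ticket-{i}") for i in range(500)]

if __name__ == "__main__":
    draw = draw_hash(SAMPLE_BLOCK_HASH, SAMPLE_NUMBERS)
    length, winners = best_matches(draw, SAMPLE_TICKETS)
    print("draw hash:", draw)
    print("longest shared prefix:", length, "digits")
    for tx in winners:
        print("best ticket:", tx, verify_winner(tx, SAMPLE_BLOCK_HASH, SAMPLE_NUMBERS, SAMPLE_TICKETS))
```

This checks only that a given draw picked the right ticket; it says nothing about who owns the tickets, which is the point argued later in the thread.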

can not be gamed by Jerfelix's method, regardless of how many tickets the operator buys.

This is not a matter of opinion, anyone with a correct understanding of statistics can follow the reasoning to its inevitable conclusion.

tldr; I would like to see a "provably honest" lottery, and provide formal step-by-step proof that a lottery without a trusted escrow is not provably honest.

First, realize that this whole thread started with a comment by Joan that said "Lotteries need to be provably honest." Keep in mind, I didn't start this thread, despite the appearance to the contrary. I made a comment in response to Joan in another thread, and apparently an administrator thought it was interesting enough (or off-topic enough) to merit its own thread, and moved it into its own thread, making my message the lead comment. The original topic was "Re: Bitcoin7 a new exchange" as you can see in some of the early messages starting with message #2. In an effort to have it make sense on the forum (since the admin forced me into a position of "thread first post" with a message that didn't make much sense as the first post, and made it look like I made no sense), I changed the topic and the intro to the first message, because having it called "Bitcoin7" wasn't logical. If that appears "dishonest", tell me what you want it to say. I have already edited it twice in an effort to have it make sense to the casual reader, and in an effort to appease the user Bitlotto's claims that I was being dishonest. I can't guess at what you want. I have never accused Bitlotto of being dishonest (even though he accused me of that), in neither the current thread, nor the pre-edited post.

Second, I have no malice toward bitlotto (the user or the service). My goal in this thread is simple: figure out a way to create "provably honest" lotteries, and determine whether there is one already. The Bitlotto service may be completely honest (and I've stated already that I believe that it likely is), but the challenge of this thread is whether it is provably honest, as stated in the very first message. It got more interesting when Bitlotto, the user, made a claim that his service is "cheat-proof". Remember, the goal is to have "provably honest" lotteries, and so if this claim is true, he may have one. But I don't think so.

I believe Bitlotto wants his service to be provably honest, and I made a suggestion as to why I don't think it's cheat-proof, and how it could be improved with a trusted escrow.

Step By Step Proof

So, as a proof that Bitlotto, the service, is not "cheat-proof" without a trusted escrow, here's excruciating step-by-step proof (sorry so long). If you disagree, please tell me which particular step in my logic is flawed.

Step 1. In order for a lottery to be provably honest, the participant's true expected payout must be equal to the published expected payout, which is published by the lottery operator.

Step 2. It is impossible to tell whether a lottery participant is affiliated with the lottery (either the lottery operator or a shill). I believe this is self-evident, and user Bitlotto also made the claim that the participants are anonymous. Even if all participants stepped forward and individually identified themselves, it's impossible to prove that they are not affiliated with the lottery operator. (It's often impossible to "prove a negative".)

Step 3. The operator can purchase tickets to his own lottery without being detected. (Thanks to Step 2)

Step 4. There is a concept of "finite". Users have finite lifespans. Operators have finite lifespans. Companies have finite lifespans.

Step 5. There is a concept of "virtual certainty". (Any supporter of Bitcoin should understand this concept, as the whole Bitcoin system is based on virtual certainty principles, from the confirmation process, to the effort to create unique Bitcoin Addresses.) There are events whose probability is so high that it is "virtually certain" that they will happen. And within the context of a finite number of trials, they will almost certainly happen every time.

Step 6. It is possible for an operator to purchase tickets to their own lottery with virtual certainty of a win. This step is perhaps best demonstrated with an example. Using extremes, it's easy to see that this is true. Let's say Satoshi holds 600,000 Bitcoins, and he holds a random monthly lottery whereby he convinces a single user to wager .01 Bitcoin, with the potential payoff of 600,000 Bitcoins. Satoshi holds 60 Million times as many entries as the user. While all lotteries are long shots, you can predict with virtual certainty who will win this lottery every month during Satoshi's finite lifetime: Satoshi. Note, it's important also to note that a VERY small change from approximately 1 in 60 Million to 0 in 60 Million is the difference between honest and dishonest; Satoshi purchasing that many tickets in his own lottery does not in itself make the lottery dishonest.

Step 7. It is possible to "launder" Bitcoins such that you can hide your identity and pay yourself, without everyone being able to detect who had the original Bitcoins. (No need to read this whole step, unless you don't believe that it's possible to launder Bitcoins without "everyone noticing".) Once again, easy to demonstrate with an extreme example: Let's say you have 1 Bitcoin that you are trying to launder. You can transmit 1000 Bitcoins to an account, with that 1 Bitcoin bundled as part of the transaction. And then transmit 1000 Bitcoins to 1000 separate accounts, and the particular "1" Bitcoin is effectively lost. No one can say with certainty which of the 1000 accounts holds the "dirty" one (in fact, every accusation is likely to be a false accusation as, in this example, 999 out of 1000 accounts are clean. If you don't think that's enough laundering, run it through the same process 1000 times). There are a number of well-documented ways to move money around to launder it. You may even be able to set up an anonymous Mt. Gox account using Tor, transfer the 1 Bitcoin to the account, wait a week, and then make a 1 Bitcoin withdrawal. During that week, "your" 1 Bitcoin will likely have been bundled with others and sold, and the one that you withdraw would be clean. Not everyone would notice that you did that. In fact, everyone would NOT know - only someone with access to the Mt. Gox logs would be able to tell what the "new coin" was, and if he were a co-conspirator, then it'd be possible that no one else would know. Laundering money is possible with Bitcoin (even though laundering large amounts is difficult, it is still quite possible to launder money so that not "everyone notices" that the lottery operator is paying himself).

Step 8. A lottery operator can shut down his lottery and take all the bets without paying off a winner, effectively stealing money from lottery participants.

Step 9. A lottery operator can launder stolen money. (see step 7)

Step 10. If a lottery operator's mode of operation is that under certain circumstances (of even minuscule probability), he will steal money from the lottery participants, and this plan to steal is not published in the lottery rules, then the user's true expected payout is less than the published expected payout, and therefore, by definition in step 1, the lottery is not "provably honest". (Note, this is regardless of whether the circumstances which trigger the planned theft ever occur in finite time.)

Step 11. It is possible for a lottery operator to, unbeknownst to the participants, purchase tickets to his own lottery, to create virtual certainty that he will win (Step 6), and have an unpublished fallback plan (which is virtually certain to never have to be executed), to shut down and steal the jackpot, and launder the money (Step 10).

Step 12. Lotteries that do not employ trusted escrow services cannot be "provably honest", because such lotteries can have a mode of operation whereby they steal from the participants under certain circumstances (as mentioned in Steps 10 and 11).

Q.E.D.

"Virtual Certainty" means with an extremely high probability, and you can take all of the above steps and apply them with lower probabilities within the context of finite lifespans. You may be questioning the relevance of this proof (with extreme examples) in the context of one like Bitlotto.

The simple, very practical example that I already gave is that an unscrupulous lottery operator can set up a lottery whereby he runs a monthly lottery selling 1 Bitcoin worth of legitimate tickets and buys 130 himself, with the plan to run off with the money if he fails to win. He will make approximately 10% annual return on his "investment", and his lottery will have an expected lifespan of ten years before he runs out of luck. Further, if he pumps his gains back into his lottery, he can extend the expected lifespan of his ruse. And if his monthly execution is that he buys all of his tickets on the last day, then he ties up his money for very little time (12 days a year), while making 10% annual return on his money. Over ten years, he never makes a legitimate payout, and every monthly "drawing" is a scam, despite appearances to the contrary. Low risk, minimal investment, reasonable payback. You can alter the parameters to achieve the risk/reward that you find desirable, but I contend that an investment returning 10% per year with very little risk and the opportunity to make the risk even less in greater years is an attractive investment.

I also asked the simple question as to how we could prove that Bitlotto DIDN'T do that already, to which all I got back was that the burden of proof is on me, to prove that he did. No, that's not my obligation. I'm not set out to prove that BitLotto is a scam, I'm trying to prove, and feel I have successfully proven, that it's not "provably honest". And so it's not my obligation to prove that he did cheat; It's my obligation to prove that he could have cheated (which I feel I did in earlier posts, and just did again in this post), and thus far no one has been able to find legitimate fault with my proof.

Changing the subject away from a particular lottery and speaking generally: to me, it's obvious that a lottery that plans to steal the money under certain random events, without disclosing this plan in the lottery rules, is dishonest, regardless of whether that random event ever occurs. If the Satoshi lottery mentioned above in Step 6 had the published plan of "your odds of a payout are 1 in 60 Million", but with a real plan of "if that 1 in 60 Million chance hits, I'm not going to pay off anyway", then it would be dishonest, regardless of whether the one-in-sixty-million long-shot event ever occurred. And that long-shot event will likely never occur within the span of Satoshi's lifetime, yet such a lottery is dishonest.

All of this proves that any claim of "It's cheat proof" is false. And that it is possible for a lottery operator to "pay [him]self without everyone noticing". These were the exact challenges that were put forth in thread message #4.

Unless a Lottery operator can prove that the published expected payout is accurate (and that he has no plans to run off with the money), he cannot have a provably honest lottery. By instituting a trusted escrow, it's possible to reduce the likelihood of an operator being able to execute a plan to run off with the money.

Why am I trying so hard? Because I want a provably honest lottery. And to me it seems pretty clear that this is not provably honest (and that it's a hard problem to solve) and I can't believe that I'm having a hard time convincing certain other people to understand what I think is obvious. And if I am wrong, I want to know exactly where I am wrong, because I am not seeing it, after reading numerous futile messages to enlighten me.

P.S. I'm not sure what the reluctance is to running a lottery through a trusted escrow. Is it the cost?
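An added example (not part of any post in the thread) that works through the two arguments above with exact fractions: Meni Rosenfeld's Scenarios A and B, where the winner is always paid, and the unpublished pay-only-if-I-win plan from Steps 10 and 11 with the 1 BTC versus 130 BTC figures. The function names, the 12 draws per year and the simplification that the operator's capital is just his own ticket purchases are assumptions of this sketch.

```python
from fractions import Fraction as F
from typing import NamedTuple

FEE = F(1, 100)  # the 1% operator fee discussed in the thread


def honest_round(customer_tickets, operator_tickets, price=F(1), fee=FEE):
    """Expected gains for one draw in which the winning ticket is always paid.

    Returns (operator_expected_gain, expected_gain_per_customer_ticket).
    """
    total = customer_tickets + operator_tickets
    pot = total * price
    fee_take = pot * fee
    jackpot = pot - fee_take
    p_operator_wins = F(operator_tickets, total)
    operator_gain = fee_take + p_operator_wins * jackpot - operator_tickets * price
    customer_gain = jackpot / total - price
    return operator_gain, customer_gain


class PlanOutcome(NamedTuple):
    published_gain_per_btc: F   # what the rules imply for a customer
    true_gain_per_btc: F        # what the customer gets under the hidden plan
    operator_take_per_round: F  # customer money kept each draw
    annual_return: F            # take per year / operator's own stake
    expected_rounds_to_exit: F  # mean draws until a customer ticket wins


def pay_only_if_operator_wins(customer_btc, operator_btc, fee=FEE, rounds_per_year=12):
    """Model of the hidden plan in Steps 10-11: every draw is run correctly,
    but if a customer ticket ever wins the operator leaves with the pot."""
    total = customer_btc + operator_btc
    p_customer_wins = F(customer_btc, total)
    jackpot = total * (1 - fee)
    # Published: the customers' share of the jackpot, per BTC they wagered.
    published = p_customer_wins * jackpot / customer_btc - 1
    # True: a customer win is never paid, so the whole stake is lost.
    true_gain = F(0) - 1
    # Operator keeps the customers' stake whether he "wins" or leaves.
    take = F(customer_btc)
    return PlanOutcome(
        published_gain_per_btc=published,
        true_gain_per_btc=true_gain,
        operator_take_per_round=take,
        annual_return=rounds_per_year * take / operator_btc,
        expected_rounds_to_exit=1 / p_customer_wins,
    )


if __name__ == "__main__":
    print("Scenario A:", honest_round(10**6, 0))
    print("Scenario B:", honest_round(10**6, 10**6))
    plan = pay_only_if_operator_wins(1, 130)
    print("hidden plan:", plan)
    print("annual return ~ %.1f%%" % (100 * float(plan.annual_return)))
    print("expected lifespan ~ %.1f years" % (float(plan.expected_rounds_to_exit) / 12))
```

With always-paid draws the operator's expected gain stays at 1% of the customers' stake however many tickets he buys; under the hidden plan the published and true customer expectations diverge even though every individual draw would still verify.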


Well, the "build trust and then run away at some point" can be applied too. I agree, the operator cannot prove that he won't run with the money. In this sense it's not provably honest. Neither is a third party escrow unfortunately.

It is possible for a lottery operator to, unbeknownst to the participants, purchase tickets to his own lottery, to create virtual certainty that he will win

The premise to this is that no player will prevent him. As a player, I can make sure the operator does not execute step 11, because I can myself purchase enough tickets to remove this virtual certainty. (Indeed, I can purchase enough tickets to secure the virtual certainty in my favor).

Admittedly, this may end in an arms race to secure the odds, (and we're back at step 4: users have a finite amount of bitcoins to play with). It's not a proof of honesty per se obviously. But it states the existence of a method for any player to be sure that he is not tricked with the technique you detailed.


Step 6.

Step 6 is broken easily by the NOT indefinite amount of Bitcoins in the system. The maximum amount of Bitcoins the lottery could hold are "total current Bitcoins - my Bitcoins", assuming that the lottery also runs the entire bitcoin system.

The worst chances of winning therefore are "My bitcoins/total bitcoins".

As soon as "My bitcoins" grows large enough, the lottery cannot any longer outbid me 1000-fold (or whatever is considered "virtually certain"). Assuming Satoshi has 10% of all Bitcoins in possession and breach of trust (just taking the money and running away) is not cheating, but a different "attack", the maximum amount the lottery could bid against him would be 90% of all Bitcoins.

Long story short: It is not possible for the lottery owner for arbitrary amounts to gain "virtual certainty" of winning. This means, he must impose maximum amounts that players are allowed to play each round to make sure he is always _able_ to overbid. Also just 1:100 or 1:1000 might not be enough, depending on the intended lifespan of such an endeavour, plus it would give less interest the better chances you want to have (if you overbid by 1000 each time, you just have 0.1% interest each round)


Me buying tickets is only a problem *if* I'm planning on running one day. I get that. You pretty much say that all this *cheating* depends on me planning on running. I get that. BUT it would be noticed when I do!

*I'd love to do escrow* I really would. I just don't know how I'd set it up!! How?

Someone somewhere has to hit PAY! That person could be a player themselves. That person could be someone who just lost a lot of money. Who would we pick? I think someone said Gavin? Well, perhaps he's not interested. I wouldn't want it to be an American (No offense) It's just that the laws are a big jumble of white, grey, and black. Almost everyone is a criminal in some way. We could think it's safe having someone hold it only to have another big lottery company complain because they don't want to compete, create a panic in the media, and money seized? Now it's lost. Is money held in escrow in the USA more risky? What country then? Perhaps it's safer having an anonymous person having it? I only have access to a small amount right now. I'm still building trust. You say I could be waiting for a big jackpot to run away with. I think that would be STUPID of me because:
- I'd for sure have committed a crime - theft
- I'd piss off thousands of thousands of highly technical people
- I'd be caught eventually
- Having Anonymous after me for example would make my life a living hell
- I'd be miserable always wondering if I'd get caught
- The 1% is the key: I can make a comparatively small profit honestly, no worries, and with time I can make money off that 1%, I don't NEED to steal it (I'm even going to teach my partner how to pay the winner if I die!)
- It is in my best interest to operate a legitimate lottery

UNTIL I run with the money, all the draws can be demonstrated to be sound. Sure my *intent* could be in doubt BUT each draw can be proven that the rightful person got the winnings.

IF someone can show how I can do escrow safely that doesn't have the risk I mentioned I'll do it. I really will.

You'd rather it be you, of course. I'd rather it be someone who is trusted. And I'd rather it be someone who doesn't have a stake in the game. Gavin offers ClearCoin Escrow, and he seems to be someone that many people trust. I'm really not trying to be a jerk here, but this whole thread is about running a trustworthy betting site, and you made a bet and lost, and are showing your level of trustworthiness. You really have few options at this point, because you and your site's reputation is at stake. If you make a very public bet, and lose (and if most people agree that you lost), and you don't pay, then why would they trust your site?

We can take this conversation offline if you prefer, but I think your reputation is at stake here.

I think you are delusional about most people agreeing that he lost. I know I for one don't agree with that.

I also think your reputation has become more at stake here than his.